Sunday, February 18, 2018

Life After Law Enforcement: Do I Stay Or Do I Go?

I was working on a bunch of CFP responses recently and during that process I found one that was rejected (so, so bitter…) by a major digital forensics conference in 2013. I won't say the name of the conference but it rhymed with "CEIC 2013".

The write up that I submitted for the talk was:

"This PowerPoint-free presentation will provide law enforcement officers who are contemplating pursuing a career in private sector digital forensics with the information they need to prepare and be successful.  It will cover how to best prepare for a private sector career as well as the pros and cons of the different options available.  We will also talk about topics such as resume preparation, interview strategies and private sector compensation models."

Since I’m back in the blogging game, I’m just going to do this presentation as a series of blog posts.  From hell’s heart I stab at thee CEIC 2013 CFP approval committee…. unless you turned me down because I inexcusably didn’t use the Oxford comma in my CFP. If that was the case, all is forgiven because I clearly deserved nothing better.

The first decision that law enforcement people need to make is the classic one asked by Mick Jones and company in the 1980s.  If and when to leave law enforcement depends on a myriad of personal and professional variables, but the general advice that I give police officers is simply this:  If you are happy and you know it, stay right there.

Taken as a whole, the grass isn’t greener in the private sector compared to the public sector. There are advantages and disadvantages, but if you’re happy doing what you are doing and the compensation and benefits are working for your family, there isn’t any reason to bail out. I’ve seen plenty of people regret leaving law enforcement chasing money because they had a pile of cash dangled in front of them.  In some cases, I’ve seen people return back to law enforcement after spending time in the private sector and there isn’t anything wrong with that.

Money certainly can be a compelling reason to head off to the private sector especially if it’s in such an amount that will change the lives of your family and what you can provide them, but you also have to look at the total compensation package because there is more to compensation than just salary.  For example, many private sector health plans are much less robust than what one can get in the public sector.  High-deductible plans with high monthly premiums have been a trend in the private sector and can eat up quite a bit of that sack of cash you were offered.   It’s also very important to keep in mind that most private sector jobs in the digital forensics world are going to be salaried positions where you aren’t eligible for overtime and comp time even if you are traveling and working long hours sometimes during nights, weekends, and holidays.

What I tell people is if they are happy in law enforcement, the private sector will still be around when they decide it’s time for different challenges.  It’s not that I tell people that they shouldn’t cross over, but that doing it primarily to chase money when they are otherwise happy in their work is likely a bad idea. The bottom line is that if you are chasing money and making that the primary focus of your decision to leave, you could very easily find yourself in a situation where you are making better money, but you are profoundly unhappy. It’s not worth it.

All of that said, I’ve known many people who have left law enforcement either early in their career or after a fully-vested retirement who have been very happy with their decision and thrived in the private sector.  I’ve mentored and even hired many of these people over the years. Some of the greatest people in the industry have been people who have left law enforcement for the private sector.

The people who I’ve seen most happy with their decisions to leave law enforcement were the ones who felt that they had hit a plateau in their careers and felt stagnated and unhappy in their current role.  These tend to be people who want to do more and learn more than they can in their law enforcement job so the idea of greater challenges, an actual career path, and more money makes for a compelling reason for them to make the move.

The career path aspect has been one of my greatest recruiting tools as a hiring manager. Stupid work rules are meat on my table when I come looking to lure some unhappy law enforcement border collie over to the private sector.  I adore dumb work rules such as ones that prevent skilled digital forensics officers from getting promoted unless they’re willing to go back to patrol or, even worse, the jail. Dumbness like this has been one of the greatest recruiting tools I’ve been given by the government sector. From the bottom of my heart to the improvident lackwits who came up with these ideas, thank you.

My advice is if you are considering making the move, you should start talking to people who have already made the move, people who have left and come back, and to as many hiring managers in the private sector as you can.  The networking that you’ll be doing will also help in landing that private sector job if that is the path you choose. 

Even if you aren’t considering making the move yet, one of the best bits of career advice that I ever received was that you should always be preparing for the next job even if you aren’t actively looking for the next job. It’s smart to give yourself as many options as you can even if you are happy in your present situation.

The next part in the series will be a blog post that covers the pros and cons of various private sector options.  As the series progresses, I’ll cover things such as networking, training, certifications, interviewing, resumes, formal education, and more.  If you have questions that you would like to have answered, you can reach me through the usual communications methods I have listed on the blog.

Saturday, January 20, 2018

Blockchain and Digital Forensics

The page view metrics for the blog are starting to come back and I’m starting to see more engagement on what I’m writing because of that. You can follow and communicate with me in public on Twitter, Facebook, and LinkedIn, but I’m finding that most people are comfortable just talking in private.  Twitter direct messages have been quite popular, for example, and I’m fine with however people like to talk. Semper Gumby. 
It turns out I have a bit of a Paul Revere thing going on when it comes to the convergence of blockchain and digital forensics given that I’ve been yelling “The blockchains are coming! The blockchains are coming!” for several posts now that I’ve returned to blogging. Okay, fine, they’ve already been here for years, but I don’t think enough people understand that in the digital forensics world. 

The responses that I’ve gotten from my blockchain posts have ranged from dismissive to agreement that blockchain is here to stay and the law enforcement and digital forensic communities need to get ramped up on this much quicker.  The responses that spurred me to write this post were the ones that essentially said, “Fine, Eric, I believe you.  What exactly do I need to know?” as well as ones that roughly said, “I’m not saying you’re smoking your socks, but I remain skeptical.”

I think the best place to start is to explain how I tend to view computer crime investigations from a larger conceptual standpoint. There are a variety of models for how both public and private organizations can structure their investigative teams.  Back in the early days of the blog when I was working in northern New Jersey, I got to know some of the members of the NYPD Computer Crime Squad. They were nice enough to invite me to visit them from time to time at 1 Police Plaza which was - at least at the time - their home.  I don’t think I know anyone on the squad these days because given their in-demand skill set and way their retirement program worked, the people on that squad tended to have a Logan’s Run thing going on where they’d “renew” into the private sector pretty quickly after their twenty year seniority mark.

Obscure [ed. note: but clever, darn it] 1970’s 23rd century dystopian science fiction movie references aside, the NYPD Computer Crime Squad at the time had two main components. There were the detectives who did the computer crime work dealing with investigations like online account compromises, web site defacements, computer tampering, as well as providing computer crime support to traditional NYPD investigations.  The other component was the detectives who did the hands-on digital forensic examination work.  The computer crimes people were the first people I saw when I entered their work space so I think of them as the front of the office people and the digital forensics detectives were in the back of the office in a secured lab.

From a front office perspective, computer crimes investigators have to learn blockchain at least at a conceptual level so that they can explain it to the public, judges, juries, prosecutors, and other law enforcement officers.  They’re going to be seen as subject matter experts on this whether they like it or not.  At some point, for example, they’ll be getting a phone call in the middle of the night from a major crimes team saying they have a kidnapping and the bad guys want the ransom paid in Monero….and what the heck is that? They’re also going to have to understand blockchain at enough of a technical level to understand how value is traded using various blockchains so that they can be effective investigators who can also communicate and educate others. For example, they’ll need to explain concepts such as how people can use online digital currency exchanges, how blockchain wallets work, and concepts such as mining and proof of work. 

Basically, the people who investigate computer crime need to learn it well enough to teach others and I’ve found that’s one of the best ways to learn something.  I forgot who told me this first, but if you want to learn something put yourself in a position where you have to teach it.  I find blockchain gloriously frustrating in that respect. Rob Lee injected more than a few things into my vocabulary over the years. I’ll never forget him telling the students in a digital forensics class that he was teaching that being frustrated was good because it meant that they were eager to learn.  He said if they weren’t frustrated, they either already knew the material or they didn’t care.

The back of the house people have the same problem set as the front of the house people (and in some departments, it’s the same people doing everything), but they also have to understand how to do blockchain investigations through the digital forensics process.

So, what does blockchain look like on the digital forensics end of things?

One of the key elements of blockchain technology is the use of wallets.  The wallets can take forms such as hardware wallets, desktop wallets, mobile phone wallets, and web wallets.  So, you have all of the standard digital forensics artifacts that you could get when you have someone interacting with software on a device or, in the case of the web wallet, interacting with the wallet using a web browser.

Michael Doran did a fantastic white paper entitled “A Forensic Look at Bitcoin Cryptocurrency” on Bitcoin forensics back in 2015. His paper has a nice introductory portion about Bitcoin and cryptocurrency and then dives into his research on the forensic examination of a desktop wallet. He’s a great example of a sharp digital forensics person who saw a trend early, dug into it, and shared his knowledge with the rest of us.  I expect we’ll see someone do something similar down the road on a server set up for blockchain mining.

On the web wallet side of things, most of my research into blockchain has utilized web-based wallets so that I can do research pretty much anywhere I have the time and Internet access. I’ve found the URLs to be really chatty when it comes to things like transaction data.  You can see this transaction as an example of one that I did awhile back.  Thus, you’ll see useful information in your web browser forensic tool and then you would get more information about the transaction when you went to the link yourself.
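To show what "chatty" URLs can give an examiner, here is an added example (not code from the original post) that triages exported browser-history URLs for Bitcoin transaction IDs and legacy Base58Check addresses, checking each address checksum to cut false positives. The hostnames and URL layouts are constructed assumptions; the transaction ID and address in the sample are the publicly known genesis-block values.

```python
import hashlib
import re
from urllib.parse import urlsplit, unquote

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# A transaction ID is 32 bytes, shown as 64 hex characters.
TXID_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])")
# Legacy addresses only (start with 1 or 3); bech32 "bc1..." is not covered here.
ADDR_RE = re.compile(r"(?<![A-Za-z0-9])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![A-Za-z0-9])")


def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        num = num * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def scan_history(urls):
    """Return (host, kind, value) for every txid or address-like string found."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        # Look in path, query and fragment; wallets put identifiers in all three.
        text = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
        for m in TXID_RE.finditer(text):
            findings.append((parts.hostname, "txid", m.group().lower()))
        for m in ADDR_RE.finditer(text):
            ok = base58check_ok(m.group())
            kind = "address" if ok else "address-like (bad checksum)"
            findings.append((parts.hostname, kind, m.group()))
    return findings


# Constructed history export: placeholder hosts, genesis-block txid and address,
# one address with its last character altered, and one unrelated URL.
SAMPLE_HISTORY = [
    "https://explorer.example/tx/"
    "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    "https://wallet.example/send?to=1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa&amount=0.01",
    "https://wallet.example/send?to=1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",
    "https://news.example/article?id=12345",
]

if __name__ == "__main__":
    for host, kind, value in scan_history(SAMPLE_HISTORY):
        print(f"{host:20} {kind:28} {value}")
```

Hits that fail the checksum are kept and labelled rather than dropped, since a mistyped or truncated address in a URL can still be a lead.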

There is, of course, always going to be the eternal malware issue. Blockchain mining malware analysis is already a thing, of course, which shouldn’t be a surprise to anyone. What I’m really curious about is just how chatty the mining malware is in regards to giving clues as to “who is getting happy” due to the malware.  I had a really great former investigative leader that I worked for who was a former Chicago police officer. He mentored me in investigations and used to tell me one of the things you wanted to know was who was getting happy from a criminal scheme whether it was financial or otherwise.  In other words, who is getting a positive benefit from this malware?

There is also the blockchain tracking aspect of doing these investigations.  I’m a bit ambivalent about that right now in regards to how that is going to play out in the investigative world.  I think it will ultimately be increasingly difficult to do as we see the rise of blockchains that are specifically designed to prevent that from happening. Bitcoin lends itself well to tracking transactions since it’s a pretty open system even if there are ways to obfuscate what is going on. There are firms that offer up software to help the tracking process and there have been people like Kevin Perlow who have done good work educating people on the topic of tracking. Kevin did a presentation awhile back on “Tracking Bitcoin Transactions on the Blockchain” and you can find the slides here and the presentation here.

I’ll leave you with a quote from blockchain luminary Preethi Kasireddy that we all should be taking to heart when it comes to our responsibilities to learn and educate in the digital forensics world.


Monday, January 1, 2018

Unfit For Purpose: A Tale of Two Currencies

I initially wrote off cryptocurrencies because of deep Bitcoin skepticism that largely remains with me to this day. I was also turned off by the fact that some of the most enthusiastic early Bitcoin enthusiasts were criminals (because of a healthy aversion to prison) and people who had a political axe to grind particularly when it came to central banking.  Throw in Mt Gox and endless stories of how the underground economy was leading the way on Bitcoin usage and it was easy enough to just write it off.  In my defense, I was working on an MBA so I wasn’t paying close attention to much of anything in this space.  It was probably best that I wasn’t doing much blogging then or I would have beclowned myself early and often on this topic.

I eventually came to a conclusion that while Bitcoin was stupid, blockchain was not. I’ve since decided even that was the wrong approach to take as I’ve come to view Bitcoin as the Wright Flyer of blockchain technology.  It shows everyone what is possible and kicks off a revolution in technology that has immense potential even if the original technology starts to look very old, very quickly.

Bitcoin’s problems are legion with one of the biggest being that it’s simply a wretched currency in its present state.  It’s a horrible store of value given how volatile it is. The fact that it’s rocketed up in value over the past year is an illustration of how unreliable it is as a store of value rather than an argument for it.  As I write this, it’s gone up 1,413% since last year. Anything that can go up that fast can go down just as fast and we’ve seen price drops of 15% on some days.

A currency that unstable isn’t fit for purpose particularly when it comes to being something you can trust to store your money.   If that’s not enough for you, it’s bat poop crazy to use it for contracts that are defined in Bitcoin.  For example, what possible sense would there be to enter a contract to purchase real estate in Bitcoin? What buyer in their right mind would enter into a contract to purchase a house for 10 Bitcoins worth $145,000 at the time of the contract when in thirty days at the time of close those bitcoins are now worth $207,350 because the price went up 43.55% between contract and close?

Throw in the high transaction fees and the slow settlement time and it’s gotten to the point where even the underground economy is starting to use alternatives such as Litecoin. Anyone who has done research on Bitcoin by doing transactions knows how expensive it gets. It’s certainly some of the most expensive research I’ve ever done.

I also have concerns about “decentralized” cryptocurrencies that relentlessly devour so much energy that the infrastructure is concentrated in a handful of nation-states that can offer up cheap energy to feed the beast.

You can Google to your heart’s content on what makes for a good currency, but at a minimum a good currency will act as a stable store of value that doesn’t go wildly up or down. You have to know that if you put money into that currency that it will remain largely the same value weeks or years down the road.   It also has to be easily transferable (so you can engage in transactions reasonably quickly and easily) and acceptable (people will actually recognize it as a valid currency and will transact with you using it) or it’s just not a viable currency in any meaningful sense.

Ultimately, currency is deeply psychological because it’s about trust.  Once upon a time, currency was all about obtaining precious metals like silver and gold and then turning those commodities into actual coined money.  Eventually, we ended up with paper money that was backed by commodities which is how we ended up with the gold standard.  The gold standard was awesome until it wasn’t. We are now in the fiat-currency era where supply and demand is the primary determiner of value rather than what the currency issuer has stored in its vaults somewhere.  The trust that the market has in the issuer of the currency has a large impact on the value of the currency.

I had a whole section written up for this post that went into more detail on the history of the commodity-backed currencies and fiat-currencies, but even my eyes glazed over when I was trying to edit it for publication so I deleted it.  Suffice it to say that both commodity-backed currencies and fiat-currencies have had successes and failures.  The Great Depression was the beginning of the end of the gold standard because every major currency at the time left the gold standard during that time.

Just as the gold standard showed its limitations at various times in the past century, we’ve seen some spectacular fiat-currency disasters that have helped fuel interest in cryptocurrencies.  The most recent example is the Venezuelan bolívar and the immense amount of human misery that the mismanagement of that currency has created.  I started following the bolívar’s plight even before I started an executive MBA program at the University of Florida, but I really started to understand what I was seeing better after getting a great education in emerging market finance and macroeconomics.  The executive summary is falling oil prices coupled with gross mismanagement of the country resulted in the bolívar essentially being destroyed over just a few years of time.  Like everyone else who is interested in this topic, I’ve followed the story through the dolartoday website.  We’re at the point where the only question I have about the bolívar is whether it ends up like the Zimbabwe dollar and simply goes away or whether it remains as a testament to what can happen when a government destroys its currency and economy.

Even the Venezuelan government knows the jig is up with the bolívar. Their response? Wait for it….wait for it….they’re launching a cryptocurrency called the petro which will be backed with their oil reserves. This will obviously be a wildly successful cryptocurrency and a terrific store of value given how competent the Venezuelan government has been at managing their economy and their previous currency. Wait. I hear it now.

The bolívar is an excellent use case for a stable cryptocurrency that can’t be mucked with by a nation-state.  Many people saw their life savings destroyed by the destruction of the bolívar just as many other people have seen their money disappear in previous fiat-currency disasters.  Even with well managed currencies like the United States dollar and the European Union euro, we’ve seen periods of high inflation and trouble such as the Greek currency controls and Cyprus bank account levies.  

Nation-state economic and monetary mismanagement provides a great use case for well-crafted cryptocurrencies that are truly decentralized and are stable stores of value.  We don’t even need a cryptocurrency that can be used at the grocery store for this to be a successful currency. Something that is a stable store of value and can move money from demand deposit account to demand deposit account relatively quickly and inexpensively can provide an excellent global hedge against nation-state related currency disasters.

So why are you reading this on a cyber crime and digital forensics blog? Because it’s going to be part of your investigative life whether you like it or not.  Being ignorant of blockchain isn’t an option if you intend to be an effective cyber crime investigator or digital forensics examiner.  Anyone who is working on cyber crime cases will have to deal with bad guys moving money around through blockchains. Anyone doing digital forensics exams will be asked by the people doing the cyber crime investigations to provide them evidence that the devices were used to move money via blockchains and to help them determine the classic investigation questions of who, what, why, where, and when.